From owner-svn-ports-all@FreeBSD.ORG Mon Jun 23 09:57:28 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3D475986; Mon, 23 Jun 2014 09:57:28 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2AAEA24B9; Mon, 23 Jun 2014 09:57:28 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5N9vSkg034380; Mon, 23 Jun 2014 09:57:28 GMT (envelope-from bapt@svn.freebsd.org) Received: (from bapt@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5N9vRGX034378; Mon, 23 Jun 2014 09:57:27 GMT (envelope-from bapt@svn.freebsd.org) Message-Id: <201406230957.s5N9vRGX034378@svn.freebsd.org> From: Baptiste Daroussin Date: Mon, 23 Jun 2014 09:57:27 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r358915 - in head: . Mk X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jun 2014 09:57:28 -0000 Author: bapt Date: Mon Jun 23 09:57:27 2014 New Revision: 358915 URL: http://svnweb.freebsd.org/changeset/ports/358915 QAT: https://qat.redports.org/buildarchive/r358915/ Log: Remove the IGNOREFILES feature: it was an unsafe feature allowing to use files fetched from untrusted sources directly into the ports tree CR: D269 Reviewed by: portmgr (antoine) Modified: head/CHANGES head/Mk/bsd.port.mk Modified: head/CHANGES ============================================================================== --- head/CHANGES Mon Jun 23 09:38:37 2014 (r358914) +++ head/CHANGES Mon Jun 23 09:57:27 2014 (r358915) @@ -10,6 +10,13 @@ in the release notes and/or placed into All ports committers are allowed to commit to this file. +20140623: +AUTHOR: bapt@FreeBSD.org + + IGNOREFILES is not supported anymore, it was an unsafe feature allowing to + use unchecked files downloaded from untrusted places to be used in the ports + tree. + 20140607: AUTHOR: mva@FreeBSD.org Modified: head/Mk/bsd.port.mk ============================================================================== --- head/Mk/bsd.port.mk Mon Jun 23 09:38:37 2014 (r358914) +++ head/Mk/bsd.port.mk Mon Jun 23 09:57:27 2014 (r358915) @@ -122,7 +122,6 @@ FreeBSD_MAINTAINER= portmgr@FreeBSD.org # ${DISTDIR} (see below). Also they will be fetched in this # subdirectory from FreeBSD mirror sites. # ALLFILES - All of ${DISTFILES} and ${PATCHFILES}. -# IGNOREFILES - If set, don't perform checksum checks on these files. # NOFETCHFILES - If set, don't download these files from the ${MASTER_SITES} # or ${MASTER_SITE_BACKUP} (but do from # ${MASTER_SITE_OVERRIDE}) @@ -2683,30 +2682,15 @@ patch-sites-default: patch-sites-DEFAULT master-sites: master-sites-DEFAULT patch-sites: patch-sites-DEFAULT -.if defined(IGNOREFILES) -.if !defined(CKSUMFILES) -. for _f in ${ALLFILES} -. if ! ${IGNOREFILES:M${_f}} -CKSUMFILES+= ${_f} -. endif -. endfor -. undef _f -.endif -.else CKSUMFILES= ${ALLFILES} -.endif # List of all files, with ${DIST_SUBDIR} in front. Used for checksum. .if defined(DIST_SUBDIR) .if defined(CKSUMFILES) && ${CKSUMFILES}!="" _CKSUMFILES?= ${CKSUMFILES:S/^/${DIST_SUBDIR}\//} .endif -.if defined(IGNOREFILES) && ${IGNOREFILES}!="" -_IGNOREFILES?= ${IGNOREFILES:S/^/${DIST_SUBDIR}\//} -.endif .else _CKSUMFILES?= ${CKSUMFILES} -_IGNOREFILES?= ${IGNOREFILES} .endif # This is what is actually going to be extracted, and is overridable @@ -4678,11 +4662,6 @@ makesum: check-checksum-algorithms ${ECHO_CMD} "SIZE ($$file) = `${STAT} -f \"%z\" $$file`" >> ${DISTINFO_FILE}; \ done \ ) - @for file in ${_IGNOREFILES}; do \ - for alg in ${CHECKSUM_ALGORITHMS:tu}; do \ - ${ECHO_CMD} "$$alg ($$file) = IGNORE" >> ${DISTINFO_FILE}; \ - done; \ - done .endif .if !target(checksum) @@ -4710,13 +4689,6 @@ checksum: fetch check-checksum-algorithm ignore="true"; \ fi; \ \ - if [ "$$CKSUM" = "IGNORE" ]; then \ - ${ECHO_MSG} "=> $$alg Checksum for $$file is set to IGNORE in distinfo file even though"; \ - ${ECHO_MSG} " the file is not in the "'$$'"{IGNOREFILES} list."; \ - ignore="true"; \ - OK=${FALSE}; \ - fi; \ - \ if [ $$ignore = "false" ]; then \ match="false"; \ for chksum in $$CKSUM; do \ @@ -4745,42 +4717,6 @@ checksum: fetch check-checksum-algorithm \ done; \ \ - for file in ${_IGNOREFILES}; do \ - _file=$${file#${DIST_SUBDIR}/*}; \ - ignored="true"; \ - alreadymatched="false"; \ - for alg in ${CHECKSUM_ALGORITHMS:tu}; do \ - ignore="false"; \ - eval alg_executable=\$$$$alg; \ - \ - if [ $$alg_executable != "NO" ]; then \ - CKSUM=`file=$$_file; ${DISTINFO_DATA}`; \ - else \ - ignore="true"; \ - fi; \ - \ - if [ $$ignore = "false" ]; then \ - if [ -z "$$CKSUM" ]; then \ - ${ECHO_MSG} "=> No $$alg checksum for $$file recorded (expected IGNORE)"; \ - OK="$$alreadymatched"; \ - elif [ $$CKSUM != "IGNORE" ]; then \ - ${ECHO_MSG} "=> $$alg Checksum for $$file is not set to IGNORE in distinfo file even though"; \ - ${ECHO_MSG} " the file is in the "'$$'"{IGNOREFILES} list."; \ - OK="false"; \ - else \ - ignored="false"; \ - alreadymatched="true"; \ - fi; \ - fi; \ - done; \ - \ - if ( [ $$ignored = "true" ]) ; then \ - ${ECHO_MSG} "=> No suitable checksum found for $$file."; \ - OK="false"; \ - fi; \ - \ - done; \ - \ if [ "$${OK:=true}" = "retry" ] && [ ${FETCH_REGET} -gt 0 ]; then \ ${ECHO_MSG} "===> Refetch for ${FETCH_REGET} more times files: $$refetchlist"; \ if ( cd ${.CURDIR} && \